Cisco Reimagines Security for the Agentic Workforce

Rhea-AI Summary

Cisco (NASDAQ: CSCO) unveiled a suite of security innovations for the agentic AI workforce at RSA Conference 2026. Key launches include Zero Trust Access for agents via Duo IAM and MCP policy enforcement, AI Defense: Explorer Edition, the open-source DefenseClaw framework with NVIDIA OpenShell integration, and Splunk enhancements to enable an agentic SOC.

Several features are GA or launch between April–June 2026, aiming to secure agent identities, harden models pre-deployment, and accelerate machine-speed detection and response.

Positive

• Extends Zero Trust Access to AI agents for accountable identities
• AI Defense: Explorer Edition offers self-serve red teaming for builders
• Introduces open-source DefenseClaw framework with NVIDIA OpenShell plans
• Splunk adds Detection Studio and agentic SOC capabilities to speed response
• Staged availability: key features launch April–June 2026

Negative

• Only 5% of surveyed enterprises moved agents into production
• Adversaries target identity components, increasing agentic attack risk
• Several capabilities are not yet GA; phased launches may delay full protection

Key Figures

Enterprises experimenting with AI agents: 85% AI agents in production: 5% Rising threat sophistication: 95% +5 more

8 metrics

Enterprises experimenting with AI agents 85% Cisco survey of major enterprise customers

AI agents in production 5% Cisco survey of major enterprise customers

Rising threat sophistication 95% CISOs citing rising threat actor sophistication in Splunk report

AI expands event review 92% CISOs saying AI enables reviewing more security events

Agentic AI boosts response 82% CISOs expecting agentic AI to improve review and response speeds

Exposure Analytics launch window April–May Planned launch for Exposure Analytics, SOP Agent, Federated Search

Automation/Triage launch June Expected launch for Automation Builder Agent and Triage Agent

Detection/Guided prerelease June 2026 Target prerelease for Detection Builder Agent and Guided Response Agent

Market Reality Check

Price: $77.65 Vol: Volume 84,079,992 is 3.45...

high vol

$77.65 Last Close

Volume Volume 84,079,992 is 3.45x the 20-day average of 24,340,110, indicating elevated trading activity before this AI security announcement. high

Technical Shares at $77.65 are trading above the 200-day MA of $72.61 and about 11.95% below the 52-week high of $88.185.

Peers on Argus

Core communication-equipment peers were also weak, with names like HPE, NOK, ERI...

1 Up

Core communication-equipment peers were also weak, with names like HPE, NOK, ERIC and UI down between roughly 3–5%, suggesting broader sector pressure even as this AI security news hit. Momentum scanner data, however, does not flag a coordinated sector move.

Historical Context

5 past events · Latest: Mar 16 (Positive)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Mar 16	AI security expansion	Positive	+0.5%	Expanded Secure AI Factory with NVIDIA and AI Defense support for OpenShell.
Feb 27	Investor events	Neutral	+1.7%	Planned participation in multiple March financial community events.
Feb 24	AI CISO report	Positive	+0.5%	Splunk 2026 CISO report underscoring AI’s growing role in security.
Feb 23	AI factory launch	Positive	-1.8%	Launch of Australia’s first Cisco Secure AI Factory with NVIDIA.
Feb 11	Q2 earnings	Positive	-12.3%	Strong Q2 revenue, EPS growth, and AI infrastructure orders with raised dividend.

Pattern Detected

Recent AI-focused announcements have often been positive while share reactions were mixed, with two notable divergences on strong AI and earnings news.

Recent Company History

Over the last few months, Cisco has repeatedly highlighted AI and security. On Feb 11, Q2 FY2026 earnings showed higher revenue, EPS, and AI infrastructure orders but saw a -12.32% reaction. Subsequent AI-related releases on Feb 23, Feb 24, and Mar 16 detailed Secure AI Factory and agentic AI initiatives, with mostly modest positive moves. Today’s agentic security launch continues this trajectory of embedding AI deeper into Cisco’s security and infrastructure portfolio.

Market Pulse Summary

This announcement details Cisco’s effort to secure the emerging agentic workforce, combining Zero Tr...

Analysis

This announcement details Cisco’s effort to secure the emerging agentic workforce, combining Zero Trust controls for AI agents, AI Defense: Explorer Edition for red teaming, and new Splunk AI features to automate SOC workflows. It follows prior AI-focused launches and surveys showing high interest but limited production use of agents. Investors may watch adoption of these capabilities, timelines for features expected from April through June, and how they integrate across Cisco’s broader security portfolio.

Key Terms

zero trust access, identity and access management (iam), model context protocol (mcp), security service edge (sse), +4 more

8 terms

zero trust access technical

"Cisco extends Zero Trust Access to agents with agent discovery in Cisco Identity Intelligence"

Zero trust access is a security approach that treats every user, device and request as untrusted until verified, requiring continuous checks and the least possible access needed to do a task. Think of it like a doorman who checks ID and purpose at every doorway rather than a single lobby pass. For investors, it matters because strong zero trust controls reduce breach risk, regulatory fines and downtime, which can protect revenue, reputation and valuation.

identity and access management (iam) technical

"agentic Identity and Access Management (IAM) in Duo, and model context protocol (MCP)"

Identity and access management (IAM) is the set of tools and practices a company uses to control who can enter its digital systems and what they can do, like assigning and checking virtual keys for employees, contractors and customers. Investors care because strong IAM reduces the risk of costly data breaches, regulatory fines and downtime, while weak IAM can damage trust, trigger expenses and harm a company’s valuation.

model context protocol (mcp) technical

"model context protocol (MCP) policy enforcement and adaptive risk protection in Secure Access"

The Model Context Protocol (MCP) is a system that helps financial models understand and share information about market conditions and data. It’s like a common language that ensures different tools and models work together smoothly, making predictions and decisions more accurate and consistent.

security service edge (sse) technical

"adaptive risk protection in Secure Access security service edge (SSE).AI Defense: Explorer Edition"

Security Service Edge (SSE) is a cloud-based bundle of tools that protects users and data as they access internet services and applications, no matter where they are. Think of it as a virtual security checkpoint that inspects traffic, blocks threats, and enforces access rules before data moves between people, apps, and the internet. Investors care because SSE shapes cybersecurity spending, recurring revenue models for vendors, and a company’s ability to safely scale cloud and remote work, which affects risk and growth prospects.

sdk technical

"Agent Runtime Software Development Kit (SDK), which embeds policy enforcement directly"

An SDK (software development kit) is a bundled set of tools, code samples and instructions that lets outside developers build software that works with a company’s platform or product. Think of it as a toolbox and recipe that makes it faster and easier for others to create compatible apps or services. For investors, an SDK matters because widespread developer use can boost product adoption, create new revenue streams and strengthen customer lock‑in, signaling potential future growth.

mitre att&ck framework technical

"It automatically maps detection coverage against the MITRE ATT&CK framework to identify"

A structured, publicly documented knowledge base of common cyberattack behaviors and defensive measures that helps organizations describe, explore and respond to intrusions. Think of it as a playbook and map combined—listing typical attacker moves and where they happen—so security teams can test defenses and prioritize fixes. Investors care because companies that follow this framework tend to identify risks faster, reduce breach impact, and provide clearer security reporting, which affects value and liability.

security operations center (soc) technical

"giving security operations center (SOC) teams the tools to stop threats at machine speed"

A security operations center (SOC) is a centralized team and facility that continuously watches over a company’s digital systems and data, detects suspicious activity, and responds to cyber incidents to keep operations running. Think of it as a 24/7 digital command center or neighborhood watch for a business; its effectiveness matters to investors because strong monitoring and rapid response reduce the risk of costly breaches, downtime, regulatory penalties, and damage to reputation, all of which can affect a company’s value.

red teaming technical

"users can begin red teaming the AI models and applications that will be deployed"

Red teaming is an independent, adversarial review where a group deliberately probes a company’s systems, plans or controls by thinking and acting like an attacker to find weak spots before real threats do. Think of it as hiring someone to try to break into your house so you can fix the locks; for investors, it matters because red teaming uncovers hidden risks, reduces the chance of costly breaches or regulatory problems, and can protect a company’s financial and reputational value.

AI-generated analysis. Not financial advice.

With end-to-end security across AI actions, Cisco is helping organizations confidently deploy AI agents at scale

News Summary:

• Cisco extends Zero Trust Access to agents with agent discovery in Cisco Identity Intelligence, agentic Identity and Access Management (IAM) in Duo, and model context protocol (MCP) policy enforcement and adaptive risk protection in Secure Access security service edge (SSE).
• AI Defense: Explorer Edition democratizes AI safety and security by providing developers with self-serve tools to test model and application resilience against attacks and embed robust guardrails into agents before they are deployed.
• Cisco introduces DefenseClaw, an open source secure agent framework that automates security and inventory, with plans to integrate with NVIDIA OpenShell as the sandbox to eliminate manual steps and accelerate secure agent deployment.
• New Splunk AI innovations transform security operations by automating response workflows, enabling teams to outpace sophisticated adversaries at machine speed.

SAN FRANCISCO, March 23, 2026 /PRNewswire/ -- RSA CONFERENCE 2026 -- Cisco (NASDAQ: CSCO) today announced significant security innovations designed for the agentic AI ecosystem, where software no longer just answers questions—it acts. At RSA Conference 2026, Cisco is introducing solutions to address AI security issues and remove a top barrier to agent adoption. By establishing trusted identities, enforcing strict Zero Trust Access controls, hardening agents before deployment, enforcing guardrails at runtime, and giving security operations center (SOC) teams the tools to stop threats at machine speed, Cisco is building security into the foundation of the emerging AI economy.

"AI agents aren't just making existing work faster; they're a new workforce of co-workers that dramatically expand what organizations can accomplish," said Jeetu Patel, President and Chief Product Officer at Cisco. "Projects shelved for lack of resources are now within reach. The only limit is imagination, and security teams are the key to unlocking this opportunity by making the agentic workforce safe enough to trust."

In a recent Cisco survey of major enterprise customers, 85% reported experimenting with AI agents, but just 5% had moved agentic technology into production.  

To unleash the vast potential of AI agents, Cisco is addressing three key pillars to securing the agentic workforce. First: Protecting the world from agents, ensuring they can only act as intended. Second: Protecting agents from the world, ensuring they can't be manipulated or corrupted. Third: Detecting and responding to AI incidents at machine speed and scale.

Protect the world from agents: Establish trust before agents go to work

Like new employees, AI agents need onboarding to establish their identity, understand their function, and map them to an accountable human manager. Yet today, most enterprises are unaware of which agents are running, let alone who is responsible if something goes wrong. Existing SSE tools weren't built to enforce time-bound access for agentic workload identities, nor can they understand context behind agent requests.

According to the 2025 Cisco Talos Year in Review release today, attackers overwhelmingly targeted a subset of components that directly authenticate users, enforce access decisions, or broker trust between systems. Adversaries' focus on identity will only accelerate with the rise of agentic workloads.

To address these challenges, today Cisco is extending Zero Trust Access to AI agents, holding them accountable to a human employee and securing agentic actions. New Duo IAM capabilities integrate with novel MCP policy enforcement and intent-aware monitoring in Cisco Secure Access to enforce strict access control, uniquely helping organizations gain full visibility and governance over their agentic workforce. These capabilities include:

• Agent Identity Management: Customers can register agents in Duo IAM and map them to accountable human owners, ensuring every agent has a verified identity and enabling traceability of actions.
• Agent and Tool Visibility: Cisco Identity Intelligence discovers agentic and non-human identities to help organizations understand existing AI usage.
• Strict Access Control: Agents are assigned fine-grained permissions only for the specific tasks they perform or resources they need for a short duration, with all tool traffic routed through an MCP gateway to eliminate blind spots.

"Organizations are eager to embrace AI, but they need to do so without creating security coverage gaps. Cisco's Zero Trust Access for AI agents gives visibility into agentic identities and restricts access to exactly what's needed," said Jeremy Nelson, CISO North America, Insight. "We're excited to bring these capabilities to customers to secure their data while scaling their AI initiatives."

"In this dynamic agentic tech environment, strict access control for AI agents is critical but challenging to enforce consistently with legacy tools designed for human users. This creates uneven enforcement and blind spots, leading to gaps that agents in an agentic world will inevitably exploit," said Fernando Montenegro, Vice President & Practice Lead, Cybersecurity & Resilience, Futurum. "Cisco's platform approach is well-positioned to address these challenges by modernizing tooling to ensure consistent, adaptive security for AI agents."

Protect agents from the world: AI Defense safeguards the agentic workforce

As businesses race to deploy AI agents across increasingly complex and distributed environments, Cisco is expanding AI Defense with powerful new tools that help organizations test, trust, and secure their AI agents and the interactions between them.

Traditional scanning tools cannot simulate the real-world threats agents encounter, which are marked by longer conversations and access to tools and resources.

To empower more organizations to meet this challenge head-on, Cisco is democratizing the industry-leading capabilities of AI Defense by launching Cisco AI Defense: Explorer Edition. This new self-service solution is built on the same core AI Defense Validation engine trusted by Global 2000 customers. After signing up, users can begin red teaming the AI models and applications that will be deployed into agentic workflows to uncover susceptibility to attacks and measure risk posture before deployment. This toolkit enables AI developers, AppSec teams, and security researchers to build and secure AI agents.

At launch, Cisco AI Defense: Explorer Edition features:

• Dynamic Agent Red Teaming: Conduct multi-turn adversarial testing for models and applications that power agentic workflows, with Cisco's bespoke AI red teaming framework.
• Model and Application Security Testing: Validate resistance to prompt injection, jailbreaks, and other unsafe outputs.
• Straightforward Security Reporting: Get actionable AI security insights, exportable for compliance review.
• API-First Access: Tap into CI/CD integration for GitHub Actions, GitLab, Jenkins, and custom pipelines.
• Team Collaboration: Invite teammates; upgrade to AI Defense Enterprise for advanced role-based access control (RBAC).

Separately, Cisco is unveiling its Agent Runtime Software Development Kit (SDK), which embeds policy enforcement directly into agent workflows at build time. The Agent Runtime SDK supports major frameworks including AWS Bedrock AgentCore, Google Vertex Agent Builder, Azure AI Foundry, LangChain, and more.

Cisco is also introducing the LLM Security Leaderboard, a comprehensive resource for evaluating model risk and susceptibility to adversarial attacks. By providing transparent evaluation signals, this leaderboard contextualizes model performance metrics against evaluations of how models handle malicious prompts, jailbreak attempts, and other manipulation strategies. The tool empowers organizations with a clear, objective understanding of model risk and informs defense-in-depth approaches to AI deployments.

Together, these capabilities let organizations move from pilot to production with confidence: knowing their agents have been tested, benchmarked, and hardened before they ever touch a production system.

Security is a team sport, and Cisco continues to lead with transparency and collaboration. Building on the release of its first open source foundation AI model at last year's RSA Conference, Cisco is today introducing DefenseClaw — a secure agent framework designed to eliminate friction between development and security. By integrating a suite of essential open source tools — including Skills Scanner, MCP Scanner, AI BoM, and CodeGuard — DefenseClaw helps ensure that every skill is scanned and sandboxed, every MCP server is verified, and every AI asset is automatically inventoried, enabling developers to deploy secure agents with greater speed and confidence.

DefenseClaw features will directly hook into NVIDIA's OpenShell, extending the ongoing collaboration to provide robust, automated security at the runtime level. By consolidating these capabilities into a single framework, Cisco eliminates the need for manual security steps or separate tool installations, allowing organizations to maintain zero-trust integrity while scaling agentic workforces.

Detect and respond at machine speed: Empowering the agentic SOC

AI technologies are a double-edged sword. As the latest Talos Year in Review report shows, vulnerabilities like React2Shell have seen near instant and automated exploitation, likely fueled by agentic AI being used to build new exploit kits.

The same AI agents posing new security challenges can also be the most powerful tool in a defender's arsenal. Today's SOC analysts are overwhelmed by alert fatigue and fragmented data, spending more time on research than response.

Splunk, part of Cisco's security portfolio, has already moved to embed AI capabilities into key SOC workflows. Today, it is further evolving the SOC from reactive to proactive with:

• Exposure Analytics: Now integrated into Splunk Enterprise Security by default, this provides a continuously updated inventory of all assets and users. It delivers real-time risk scoring and relationship mapping, providing total visibility using data that organizations are already ingesting.
• Detection Studio: A unified workspace that streamlines the entire detection engineering lifecycle — planning, building, testing, deploying, and monitoring detections. It automatically maps detection coverage against the MITRE ATT&CK framework to identify and close gaps with precision. 
• Federated Search: A unified search that allows SOC analysts to uncover and correlate data across multiple environments, reducing costs and accelerating investigations.
• The Agentic SOC Expansion: Specialized AI agents — including the Detection Builder Agent, Standard Operating Procedures (SOP) Agent, Triage Agent, Malware Threat Reversing Agent, Guided Response Agent and Automation Builder Agent — move beyond data surfacing to active evaluation and execution. By automating security workflows, security tasks shift from a bottleneck to an accelerator, enabling the SOC to move at machine speed and scale. 

"The evolution of the security operations center from reactive to proactive is now a necessity in today's threat landscape. By introducing specialized AI agents, Cisco is empowering analysts to move beyond manual triage and prioritize the most important threats quickly," said Ryan Morris, President, Blackwood. "This is exactly the innovation required to help security teams stay ahead of constantly increasing and evolving SOC workloads."

Detection Studio and Malware Threat Reversing Agent are generally available. Exposure Analytics, SOP Agent and Federated Search are expected to launch in April and May. Automation Builder Agent and Triage Agent are expected to launch in June. Detection Builder Agent and Guided Response Agent target June 2026 for prerelease testing.

For more information, visit cisco.com/go/security.

Additional Resources:

• Blog: Reimagining Security for the Agentic Workforce
• Blog: Securing Agentic AI: How Cisco Brings Zero Trust to Your New Digital Workforce
• Blog: Introducing Duo Agentic Identity
• Blog: Cisco AI Defense: Explorer Edition Brings Agentic AI Red Teaming to Builders
• Blog: Introducing the Cisco LLM Security Leaderboard: Bringing Transparency to AI Security
• Blog: Cisco Announces DefenseClaw
• Blog: The Evolution of the SOC: Moving from Reactive to Agentic with Enterprise Security at RSAC 2026
• Blog: 2025 Talos Year in Review: Speed, scale, and staying power

About Cisco
Cisco (NASDAQ: CSCO) is the worldwide technology leader that is revolutionizing the way organizations connect and protect in the AI era. For more than 40 years, Cisco has securely connected the world. With its industry leading AI-powered solutions and services, Cisco enables its customers, partners and communities to unlock innovation, enhance productivity and strengthen digital resilience. With purpose at its core, Cisco remains committed to creating a more connected and inclusive future for all. Discover more on The Newsroom and follow us on X at @Cisco.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word 'partner' does not imply a partnership relationship between Cisco and any other company.

Disclaimer: The timeline for the release of some products, features and integrations is subject to change given ongoing evolution in development and innovation.

 

View original content to download multimedia:https://www.prnewswire.com/news-releases/cisco-reimagines-security-for-the-agentic-workforce-302721788.html

SOURCE Cisco Systems, Inc.

FAQ

What did Cisco (CSCO) announce about agentic AI security at RSA Conference 2026?

Cisco introduced end-to-end security for agentic AI, including Zero Trust for agents and new hardening tools. According to Cisco, launches include Duo IAM agent identity, AI Defense: Explorer Edition, DefenseClaw framework, and Splunk agentic SOC features with staggered availability through June 2026.

What is Cisco AI Defense: Explorer Edition and how does it help builders (CSCO)?

AI Defense: Explorer Edition is a self-serve red teaming toolkit for model and app testing before deployment. According to Cisco, it offers multi-turn adversarial testing, model security checks, CI/CD APIs, and exportable reports to help developers validate agent resilience.

What is DefenseClaw and how will Cisco integrate it with NVIDIA for CSCO customers?

DefenseClaw is an open-source secure agent framework that automates security and inventory for agents. According to Cisco, it will hook into NVIDIA OpenShell as a sandbox to automate runtime security and reduce manual deployment steps.

How does Cisco's Zero Trust for agents affect enterprise governance and access (CSCO)?

Zero Trust assigns verified identities, human owners, and time-bound permissions to agents to improve accountability. According to Cisco, agents are discovered via Identity Intelligence and routed through MCP gateways for fine-grained, auditable access control.

What Splunk security innovations did Cisco (CSCO) announce and when will they be available?

Splunk added Exposure Analytics, Detection Studio, federated search, and specialized SOC agents to automate response workflows. According to Cisco, Detection Studio and Malware Threat Reversing Agent are GA; others roll out April–June 2026 with some prerelease testing in June.

How many enterprises have moved agentic technology to production, per Cisco's survey (CSCO)?

Only a small share have moved to production: just 5% reported production deployment. According to Cisco, 85% of major enterprise customers are experimenting with AI agents, but only 5% have put them into production.